SCOUG-HELP Mailing List Archives

<< Previous Message << >> Next Message >>

Date:	Sun, 7 Jul 2002 11:55:14 PST7
From:	Peter Skye <pskye@peterskye.com >
Reply-To:	scoug-help@scoug.com
To:	scoug-help@scoug.com
Subject:	SCOUG-Help: ISP Side IPTrace

Content Type: text/plain

=====================================================
If you are responding to someone asking for help who
may not be a member of this list, be sure to use the
REPLY TO ALL feature of your email program.
=====================================================

> > >As a matter of academic interest I would like
> > >to know how to do an IPTrace on the traffic
> > >between my SMC firewall and my ISP.
> >
> > You probably can't without some work. If the connection
> > between the modem and the router is standard ethernet,
> > you could stuff a gateway computer between them.
> > Then you can do all the IPTracing you like.
>
> Would that setup be as simple a connecting a plain 4-port
> hub between the cable modem and router with a third port
> going to another computer or does it mean I must dust off
> my old InJoy 486 and substitute it for the router?

I *think* the original poster wants a sniffer, which is
sort of like a wiretap consisting of a Y-connector and
a recording device. Remember I said "sort of". :)

As for using a hub, some hubs can be used as Y-connectors
and some can't.

A router is a workaround. Terry Warren wrote some routeresque
Java code a few years ago which can do this. It was
surprisingly small, only 100 lines or so (no wonder Terry likes
Java). He sent it to me back then and I've got it somewhere;
Terry is the July SCOUG presenter if you want to ask him about
it. The code basically just opens a new Java thread for each
new connection and copies the transmitted packets between the
two machines. Shouldn't be too hard to modify it to also write
the packets to disk, thus "sniffing" what's going on. I *think*
that IPTRACE writes the packets without any changes, thus
IPFORMAT should be able to read a different program's sniff (you
might need a header on the file). An IPFORMAT replacement
called IPFORMATX showed up on Hobbes a few weeks ago and that
author apparently knows the file format. I've put the upload
template for IPFORMATX below.

- Peter
_____

Upload Information Template for Hobbes.nmsu.edu
===============================================

Archive Filename: ipformatx.zip
Short Description: IPFORMAT Look-alike
Long Description: This an alternative to the IBM IPTRACE program. It has some, limited extensions
such as interpretation of other tcp options, better expansion of DNS packets and
identification of more ICMP types and responses. Source has been included to
facilitate further user development.

Proposed directory
for placement: /pub/os2/util/network/tcpip

Your name: Mike Fry
Email address: mikefry@iafrica.com
Program contact name: (same)
Program contact email: (same)
Program URL: (none)

Would you like the
contact email address
included in listings? yes

Operating System/Version:
Additional requirements: OS/2 Warp. Watcom 10.6 to compile the source + 4.1 Toolkit

Replaces: (none)

=====================================================

To unsubscribe from this list, send an email message
to "steward@scoug.com". In the body of the message,
put the command "unsubscribe scoug-help".

For problems, contact the list owner at
"rollin@scoug.com".

=====================================================

Return to [ 07 | July | 2002 ]

SCOUG, Warp Expo West, and Warpfest are trademarks of the Southern California OS/2 User Group. OS/2, Workplace Shell, and IBM are registered trademarks of International Business Machines Corporation. All other trademarks remain the property of their respective owners.